Telegram zero-day vulnerability used in cryptocurrency mining attacks

Hackers have been able to exploit a vulnerability in the Telegram messaging app’s desktop client to earn units of cryptocurrencies such as Monero and ZCash, according to Kaspersky Lab.

Telegram is one of the most popular messaging hubs used by members of the cryptocurrency community.

Kaspersky said on its website that users were tricked into downloading malicious software onto their computers that used their processing power to mine currency, or serve as a backdoor for attackers to remotely control a machine.

While analyzing the servers of malicious actors, Kaspersky researchers also found archives containing a cache of Telegram data that had been stolen from victims.

The Russian security firm said it “reported the vulnerability to Telegram and, at the time of publication, the zero-day flaw has not since been observed in messenger’s products.”

Pavel Durov, who founded Telegram in 2013, has been marketing it as a highly secure messaging tool, where traffic is encrypted and difficult to intercept. The positioning helped the service gain popularity among security-concerned users, including French President Emmanuel Macron and Islamic State terrorists.

Telegram is holding an initial coin offering seeking to raise about $2 billion to create its own blockchain and cryptocurrency.